<p>Upgrade <code>com.ibeetl:beetl-core</code> to version 3.15.13.RELEASE or higher.</p>

Improper Neutralization of Special Elements Used in a Template Engine Affecting com.ibeetl:beetl-core package, versions [,3.15.13.RELEASE)

Threat Intelligence

Proof of concept

0.14% (51^st percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-JAVA-COMIBEETL-6227606
published 5 Feb 2024
disclosed 2 Feb 2024
credit wooclee

Report a new vulnerability Found a mistake?

Introduced: 2 Feb 2024

CVE-2024-22533 Open this link in a new tab CWE-1336 Open this link in a new tab

How to fix?

Upgrade com.ibeetl:beetl-core to version 3.15.13.RELEASE or higher.

Overview

Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine due to insufficient filtering in the DefaultNativeSecurityManager blacklist. An attacker can execute arbitrary code by crafting a malicious template that bypasses the blacklist.

References

CVSS Scores

version 3.1

Attack Vector (AV)

Network
Attack Complexity (AC)

Low
Privileges Required (PR)

None
User Interaction (UI)

None

Scope (S)

Unchanged

Confidentiality (C)

High
Integrity (I)

High
Availability (A)

High